Hack Brief: Hackers Breach BuzzFeed in Retaliation for Exposé

Share

Hack Brief: Hackers Breach BuzzFeed in Retaliation for Exposé

Buzzfeed

After Kim Kardashian was threatened and robbed in Paris this week, celebrities are considering whether her frequent social media use made her more vulnerable, and may be reassessing their own digital sharing. But for prominent people, this won't resolve another perpetual threat: Being hacked.

The hacking group OurMine—known for infiltrating the digital accounts of tech CEOs, venture capitalist, and celebrities—breached BuzzFeed on Wednesday, leaving a trail of defaced and deleted articles in its wake. The attack seems to have been in response to an investigation BuzzFeed published on Tuesday, which alleged that OurMine is not actually a group, but a lone Saudi Arabian high schooler. The teens (allegedly) strike again.

The Hack

Reporter Joseph Bernstein's OurMine investigation published on Tuesday; BuzzFeed's site was attacked Wednesday morning. Headlines on a few articles and on the site's homepage read, "HACKED BY OURMINE" and advertised the group's website, Ourmine.org. The vandalism was similar to that of other OurMine attacks. One altered article read, "Hacked by OurMine team, don’t share fake news about us again, we have your database. Next time it will be public. Don’t f*@k with OurMine again."

BuzzFeed quickly tweeted about the incident and said it was "working to restore the altered articles, including the original report on the group." Within a few hours, evidence of the attack had been removed.

BuzzFeed didn't have additional comment on how OurMine breached its systems. In the past, OurMine has used passwords leaked in large-scale breaches to access other accounts where someone re-used the same password. When the organization takes credit for hacking a target, it often claims that its goal is to test people's security and show the dangers of reusing passwords. It has also said that it sells security services. In a blog post on Wednesday, OurMine said of the BuzzFeed hack, "Why we hacked it? Alright, yesterday Buzzfeed Created a post that we are only 1 member called Ahmed Makki, and we can confirm that we don’t Have a member called ' Ahmed Makki ' and we are now 4 we were 3 but someone joined, and we hacked it because they are reporting fake news about us :)" OurMine has also exploited third-party applications connected to social media accounts to gain access.

Who’s Affected

OurMine still seems to target high-profile organizations and individuals, especially technologists like Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Twitter CEO Jack Dorsey. Even actor Channing Tatum was dragged into the mix. It seems to be a new step for OurMine to target an organization like BuzzFeed and attempt to silence it through coercion. It's unclear what OurMine means when it says it has BuzzFeed's "database," though. The group did not characterize the data it claimed to have stolen.

How Serious Is This?

Though you probably wouldn't want OurMine advising you on the finer points of personal security, hacks by the group (or teen) are always a reminder that password reuse is dangerous, and that you should carefully curate and monitor the apps you grant access to your digital accounts. The BuzzFeed situation also shows that OurMine is willing to retaliate for perceived slights and isn't going anywhere, at least for now. From the physical security risks of posting about daily life on social media to the digital risks of being breached, celebrities need to be careful to lock everything down. It doesn't hurt for regular folk to do the same.